Win32/cryptor virus, help me remove it please


Win32/cryptor virus, help me remove it please

Post by ksbunnie1 on Sun May 31, 2009 7:27 pm

I ran all the things in your "before posting" instructions. I am getting windows from my AVG coming up so fast I can hardly do all this. My internet is slow, my time won't stay right, the screensaver changes, on and on, things are wrong on here. I need help. Thank you so much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:32 PM, on 5/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP Optical 4 Button USB Mouse\KMaestro.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\HP_Owner\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {359A19B8-DCD9-4965-A573-2B36853E36B8} - c:\windows\system32\cboglmvc.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Microsoft Office Helper - {8B4894F8-4848-387B-4184-2487A488A878} - C:\WINDOWS\system\wxccts32.dll (file missing)
O2 - BHO: (no name) - {96A6C68A-0B7D-478A-B439-D86B648A0694} - c:\windows\system32\fgbafgb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pmmysaaa] C:\WINDOWS\system32\pmmysaaa.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BtcMouseMaestro] "C:\Program Files\HP Optical 4 Button USB Mouse\KMaestro.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SUPERAntiSpyware] L:\SUPERAntiSpyware\6d51c272-9042-4df6-a793-abac237b33e2.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: xtjepueu - C:\WINDOWS\SYSTEM32\fgbafgb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12523 bytes
Thank You! Thank You!

ksbunnie1
Novice

Posts: 16
Joined: 2009-05-31
OS: xp
Points: 27468
Likes: 0


Re: Win32/cryptor virus, help me remove it please

Post by Belahzur on Sun May 31, 2009 7:49 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
    O2 - BHO: (no name) - {359A19B8-DCD9-4965-A573-2B36853E36B8} - c:\windows\system32\cboglmvc.dll
    O2 - BHO: Microsoft Office Helper - {8B4894F8-4848-387B-4184-2487A488A878} - C:\WINDOWS\system\wxccts32.dll (file missing)
    O2 - BHO: (no name) - {96A6C68A-0B7D-478A-B439-D86B648A0694} - c:\windows\system32\fgbafgb.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O20 - Winlogon Notify: xtjepueu - C:\WINDOWS\SYSTEM32\fgbafgb.dll
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe


  • Press "Fix Checked"
  • Close HijackThis.

Next,

  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename ComboFix to Combo-Fix as follows:

    3. It is important that you rename ComboFix during the download, not after.
    4. Please do not rename ComboFix to any other name, only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV (AVG8).
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1

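The entries Belahzur picked out of the HijackThis log above share a few surface features: a BHO registered as "(no name)", a target that reads "(no file)" or "(file missing)", an autorun value with an empty target or a bare executable name with no path, and DLLs with random-looking names under system32 that are also hooked as Winlogon Notify packages (fgbafgb.dll appears as both an O2 BHO and an O20 entry). The Python script below is an added example, not part of this thread and not code from HijackThis or ComboFix; it encodes those heuristics and runs them over a subset of the log lines posted above. The allowlist of known-good file stems (`KNOWN_GOOD_STEMS`) and the "7-8 lowercase letters" pattern are assumptions chosen for this particular machine and would need tuning elsewhere.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {359A19B8-DCD9-4965-A573-2B36853E36B8} - c:\windows\system32\cboglmvc.dll
O2 - BHO: Microsoft Office Helper - {8B4894F8-4848-387B-4184-2487A488A878} - C:\WINDOWS\system\wxccts32.dll (file missing)
O2 - BHO: (no name) - {96A6C68A-0B7D-478A-B439-D86B648A0694} - c:\windows\system32\fgbafgb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pmmysaaa] C:\WINDOWS\system32\pmmysaaa.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: xtjepueu - C:\WINDOWS\SYSTEM32\fgbafgb.dll
"""

# Assumed allowlist: file stems that look random but belong to software known to
# be on this machine (AVG's resident-shield starter DLL). Extend per system.
KNOWN_GOOD_STEMS = {"avgrsstx"}

# Assumed heuristic: 7-8 lowercase letters, no digits, typical of dropper names.
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")

O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
O4_RE = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run: \[(.*?)\] ?(.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")


@dataclass
class Entry:
    section: str  # "O2", "O4" or "O20"
    name: str     # BHO name, autorun value name or Notify package name
    target: str   # DLL/EXE path or autorun command
    raw: str      # the original line, stripped


def parse_line(line: str) -> Entry | None:
    """Parse the HijackThis line types this triage cares about; skip the rest."""
    line = line.strip()
    if m := O2_RE.match(line):
        return Entry("O2", m.group(1), m.group(2), line)
    if m := O4_RE.match(line):
        return Entry("O4", m.group(1), m.group(2), line)
    if m := O20_RE.match(line):
        return Entry("O20", m.group(1), m.group(2), line)
    return None


def file_stem(path: str) -> str:
    """Lower-case file name without extension, taken from a Windows path."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0]


def reasons_for(e: Entry) -> list[str]:
    """Return the heuristics this entry trips, in a fixed order (empty if clean)."""
    out: list[str] = []
    t = e.target.strip()
    if t == "(no file)" or t.endswith("(file missing)"):
        out.append("orphaned entry: referenced file is absent")
    if e.name == "(no name)":
        out.append("BHO registered without a name")
    if t.lower().startswith(SYSTEM_DIRS):
        stem = file_stem(t)
        if RANDOM_STEM.match(stem) and stem not in KNOWN_GOOD_STEMS:
            out.append("random-looking filename in a system directory")
    if e.section == "O4":
        if t == "-":
            out.append("autorun entry with empty target")
        elif not re.match(r'^"?[A-Za-z]:\\', t):
            out.append("autorun target without a full path")
    if e.section == "O20" and file_stem(t) not in KNOWN_GOOD_STEMS:
        out.append("Winlogon Notify DLL not on the known-good list")
    return out


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged raw line to its reasons; clean entries are omitted."""
    flagged: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (why := reasons_for(entry)):
            flagged[entry.raw] = why
    return flagged


if __name__ == "__main__":
    for raw, why in triage(SAMPLE_LOG).items():
        print(raw)
        for r in why:
            print("    ->", r)
```

Run as-is it prints the eight lines the heuristics catch together with the reason for each; the Adobe and Google BHOs, the ATI autorun and AVG's own Winlogon Notify DLL pass. Treat the output as a triage aid rather than a verdict: a random-looking name is a weak signal on its own, and "Fix checked" in HijackThis mainly removes the registry references, which is why the helper follows it with ComboFix to delete the files themselves (its "Other Deletions" list further down includes cboglmvc.dll and fgbafgb.dll).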

combofix log 1st half

Post by ksbunnie1 on Sun May 31, 2009 10:03 pm

Thank You!
ComboFix 09-05-31.02 - HP_Owner 05/31/2009 14:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.423 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\as.txt
c:\docume~1\HP_Owner\APPLIC~1\FunWebProducts
c:\docume~1\HP_Owner\APPLIC~1\FunWebProducts\Data\HP_Owner\avatar.dat
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users\Start Menu\Online Security Guide.url
c:\documents and settings\All Users\Start Menu\Security Troubleshooting.url
c:\documents and settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner\avatar.dat
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Dxc.log
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Dxc.log
c:\program files\A360
c:\program files\A360\av360.exe.tmp
c:\program files\AdvancedCleaner Free
c:\program files\AdvancedCleaner Free\setup_p.exe
c:\program files\AntiSpywareMaster
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\ScreenSaver\Images\00523CFA.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\3.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\0058F512.bin
c:\program files\MyWebSearch\bar\Cache\0075E1CB
c:\program files\MyWebSearch\bar\Cache\0075E64F
c:\program files\MyWebSearch\bar\Cache\0075E805.bin
c:\program files\MyWebSearch\bar\Cache\0075EBCE.bin
c:\program files\MyWebSearch\bar\Cache\0075F023.bin
c:\program files\MyWebSearch\bar\Cache\0075F16B.bin
c:\program files\MyWebSearch\bar\Cache\0144CE64
c:\program files\MyWebSearch\bar\Cache\015B2AE0.bin
c:\program files\MyWebSearch\bar\Cache\084E0FCA.bin
c:\program files\MyWebSearch\bar\Cache\084E23EE.bin
c:\program files\MyWebSearch\bar\Cache\084E24D8.bin
c:\program files\MyWebSearch\bar\Cache\084E25D2.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO


2nd half of combo fix

Post by ksbunnie1 on Sun May 31, 2009 10:04 pm

c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
c:\program files\security toolbar
c:\program files\security toolbar\Uninstall.bat
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\content\options.js
c:\program files\SelectRebates\FFToolbar\chrome\content\options.xul
c:\program files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.xul
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\contents.rdf
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd.skin
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.properties
c:\program files\SelectRebates\FFToolbar\chrome\skin\3rdParty.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\add-folderplus.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\add-plussign.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\alert-blue.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\alert-red.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\bluebar.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\dollarsign.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\FindWords.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\gripper.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\icon-magnifying.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\invite.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\invite2.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-blue.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-gray.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-green.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-red.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Options.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\S.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-LogoHotSpots.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-logotext.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v1.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v2.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\sahtoolbar.css
c:\program files\SelectRebates\FFToolbar\chrome\skin\Scissors.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Search.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\shoppingcart.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\singleperson.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\star.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\thumb2.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Thumbs.db
c:\program files\SelectRebates\FFToolbar\chrome\skin\toolbar-images-ALL.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Toolbar_HelpAndFeedback.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Wrench.png
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\bg-gradient.gif
c:\program files\SelectRebates\SahImages\button-close.gif
c:\program files\SelectRebates\SahImages\sah-logopop.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\Add.bmp
c:\program files\SelectRebates\Toolbar\AdvancedOptions.html
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\button-CloseWindow.gif
c:\program files\SelectRebates\Toolbar\i_clipboard.bmp
c:\program files\SelectRebates\Toolbar\i_help.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\Invite.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\MyNew.bmp
c:\program files\SelectRebates\Toolbar\MyNone.bmp
c:\program files\SelectRebates\Toolbar\MyPage.bmp
c:\program files\SelectRebates\Toolbar\Rate.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sah_logo_bars.gif
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\program files\SelectRebates\Toolbar\Tools.bmp
c:\program files\SelectRebates\Toolbar\Tools2.bmp
c:\program files\SpyShredder
c:\program files\SpyShredder\SpyShredder.exe
c:\program files\SpyShredder\SpyShredder.lic
c:\program files\SpyShredder\SpyShredder0.ss
c:\program files\SpyShredder\SpyShredder1.dll
c:\program files\SpyShredder\SpyShredder1.ss
c:\program files\SpyShredder\SpyShredder2.dll
c:\program files\SpyShredder\SpyShredder3.dll
c:\program files\SpyShredder\Uninstall.exe
c:\program files\web buying
c:\temp\tn3
c:\windows\144.exe
c:\windows\adedeg.ini
c:\windows\ayyccf.ini
c:\windows\cs_cache.ini
c:\windows\degfii.ini
c:\windows\IE4 Error Log.txt
c:\windows\kmnonn.ini
c:\windows\MailSwitch.ocx
c:\windows\qpoqpo.ini
c:\windows\qrstut.ini
c:\windows\system32\cboglmvc.dll
c:\windows\system32\drivers\pcimfmmw.sys
c:\windows\system32\drivers\vslzqzav.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fgbafgb.dll
c:\windows\system32\zwbriri.dll
c:\windows\tvwxxx.ini
c:\windows\uninst2.htm
c:\windows\unist1.htm
c:\windows\winhp32.exe
c:\windows\xbacfe.ini
D:\Autorun.inf
D:\Desktop.ini

ksbunnie1
Novice
Posts: 16
Joined: 2009-05-31
OS: xp
Points: 27468
Likes: 0

3rd of combofix

Post by ksbunnie1 on Sun May 31, 2009 10:05 pm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DWMBXIPL
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_PCIMFMMW
-------\Service_dwmbxipl
-------\Service_MyWebSearchService
-------\Service_pcimfmmw


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 17:44 . 2009-05-31 17:44 -------- d-----w- c:\windows\system32\scripting
2009-05-31 17:44 . 2009-05-31 17:44 -------- d-----w- c:\windows\l2schemas
2009-05-31 17:44 . 2009-05-31 17:44 -------- d-----w- c:\windows\system32\bits
2009-05-31 17:41 . 2009-05-31 17:41 -------- d-----w- c:\windows\ServicePackFiles
2009-05-31 17:33 . 2009-05-31 17:33 -------- d-----w- c:\windows\EHome
2009-05-31 02:01 . 2009-05-31 19:00 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-31 01:56 . 2009-05-31 01:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-31 01:56 . 2009-05-31 01:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-31 01:56 . 2009-05-31 01:56 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-31 01:56 . 2009-05-31 01:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-31 01:56 . 2009-05-31 02:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-31 01:55 . 2009-05-31 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-31 01:55 . 2009-05-31 01:55 -------- d-----w- c:\program files\AVG
2009-05-30 03:04 . 2009-05-30 03:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-05-30 03:04 . 2009-05-30 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-30 03:04 . 2009-05-30 03:04 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\SUPERAntiSpyware.com
2009-05-30 03:02 . 2009-05-30 03:02 0 ----a-w- c:\windows\nsreg.dat
2009-05-30 03:02 . 2009-05-30 03:02 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2009-05-29 18:24 . 2001-08-17 19:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-05-29 18:24 . 2001-08-18 05:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2009-05-29 18:24 . 2004-08-04 05:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2009-05-29 18:24 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2009-05-29 18:22 . 2001-08-17 20:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2009-05-29 18:21 . 2001-08-17 19:12 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2009-05-29 18:20 . 2001-08-18 05:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2009-05-29 18:20 . 2004-08-04 05:41 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-05-29 18:20 . 2001-08-17 19:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-05-29 18:20 . 2001-08-17 20:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-05-29 18:20 . 2001-08-17 20:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-05-29 18:20 . 2001-08-17 19:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-05-29 18:20 . 2001-08-17 19:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-05-29 18:20 . 2001-08-17 19:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-05-29 18:20 . 2004-08-04 05:31 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-05-29 18:20 . 2001-08-17 19:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2009-05-29 18:20 . 2001-08-17 19:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-05-29 18:20 . 2001-08-18 05:36 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2009-05-29 18:20 . 2001-08-17 20:49 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2009-05-29 18:18 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-05-29 18:18 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-05-29 18:18 . 2001-08-17 21:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2009-05-29 18:18 . 2001-08-17 20:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2009-05-29 18:18 . 2001-08-17 20:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-05-29 18:18 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-05-29 18:18 . 2001-08-17 20:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2009-05-29 18:18 . 2001-08-17 19:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2009-05-29 18:18 . 2001-08-17 21:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2009-05-29 18:18 . 2001-08-18 05:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2009-05-29 18:16 . 2001-08-17 19:12 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2009-05-29 18:16 . 2001-08-17 19:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2009-05-29 18:16 . 2001-08-18 05:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2009-05-29 18:16 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-05-29 18:16 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-05-29 18:16 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-05-29 18:16 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-05-29 18:16 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-05-29 18:16 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-05-29 18:16 . 2001-08-17 20:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2009-05-29 18:16 . 2001-08-17 20:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2009-05-29 18:16 . 2001-08-17 20:49 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2009-05-29 18:14 . 2001-08-17 19:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2009-05-29 18:13 . 2001-08-17 21:07 25952 ----a-w- c:\windows\system32\dllcache\hpn.sys
2009-05-29 18:12 . 2001-08-17 21:56 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2009-05-29 18:11 . 2001-08-18 05:36 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll
2009-05-29 18:10 . 2001-08-17 19:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2009-05-29 18:09 . 2001-08-18 05:36 256512 ----a-w- c:\windows\system32\dllcache\devcon32.dll
2009-05-29 18:08 . 2001-08-17 21:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll
2009-05-29 18:07 . 2001-08-18 05:36 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2009-05-29 18:06 . 2001-08-17 21:07 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-05-29 17:53 . 2004-08-04 05:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-05-29 17:51 . 2004-08-04 05:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2009-05-29 17:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-05-29 17:23 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-05-29 17:23 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-29 17:23 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-05-29 17:22 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-05-29 17:19 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-05-29 17:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-29 17:18 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-29 17:11 . 2009-05-29 17:11 -------- d-sh--w- c:\documents and settings\HP_Owner\IECompatCache
2009-05-29 13:37 . 2009-05-29 13:37 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\ivzlvwtv
2009-05-29 13:37 . 2009-05-29 13:37 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ivzlvwtv
2009-05-29 13:37 . 2009-05-29 13:37 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv
2009-05-14 16:50 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-14 16:48 . 2009-05-14 16:50 -------- d-----w- c:\program files\Zune
2009-05-14 16:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-05-14 16:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-05-14 16:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-05-14 16:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll


4th of combofix

Post by ksbunnie1 on Sun May 31, 2009 10:07 pm

2009-05-14 16:46 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 19:15 . 2009-05-31 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-31 19:15 . 2009-05-31 19:15 -------- d-----w- c:\program files\NOS
2009-05-31 19:13 . 2009-04-30 18:07 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2009-05-31 19:13 . 2009-04-30 18:07 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\U3
2009-05-31 18:53 . 2009-05-31 18:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-31 18:52 . 2006-01-11 00:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 18:39 . 2009-05-31 18:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 18:39 . 2005-06-17 02:16 -------- d-----w- c:\program files\Java
2009-05-31 17:47 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-31 17:47 . 2009-05-31 17:47 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-05-31 17:47 . 2009-05-31 17:47 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-05-31 16:59 . 2005-06-17 02:57 -------- d-----w- c:\program files\Google
2009-05-29 17:29 . 2009-04-01 03:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 17:28 . 2006-12-24 13:59 -------- d-----w- c:\program files\Registry Cleaner Trial
2009-05-29 17:26 . 2006-09-14 15:02 -------- d-----w- c:\program files\Yahoo!
2009-05-29 17:26 . 2005-06-17 02:37 -------- d-----w- c:\program files\WildTangent
2009-05-29 17:25 . 2008-12-27 16:37 -------- d-----w- c:\program files\Unity
2009-05-29 17:25 . 2005-10-22 20:15 -------- d-----w- c:\program files\The Weather Channel FW
2009-05-29 17:24 . 2005-06-17 03:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-14 17:23 . 2009-05-14 17:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-14 17:23 . 2009-05-14 17:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-14 17:22 . 2009-05-14 17:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-14 16:50 . 2009-05-14 16:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-14 16:50 . 2009-05-14 16:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-02 00:20 . 2007-07-07 21:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-05-02 00:20 . 2007-07-07 21:51 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\LimeWire
2009-04-07 19:17 . 2006-11-27 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-03-08 11:34 . 2004-08-04 11:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2005-10-22 20:18 . 2005-10-22 20:18 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-18 13:05 . 2007-08-18 13:05 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-17 02:40 . 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
2005-06-17 02:40 . 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

2005-06-17 03:14 . 2005-03-18 11:05 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2005-06-17 03:14 . 2005-03-18 11:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

2005-11-22 21:47 . 2002-09-11 03:26 368706 c:\program files\BroadJump\Client Foundation\bak\CFD.exe

2002-07-16 21:21 . 2002-07-16 21:21 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

2005-06-17 02:36 . 2005-06-17 02:36 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2005-06-17 02:36 . 2005-06-17 02:36 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2005-02-26 05:34 . 2005-02-26 05:34 245760 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2005-02-26 05:34 . 2005-02-26 05:34 245760 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2002-10-07 05:23 . 2002-10-07 05:23 90112 c:\program files\HP\Digital Imaging\Unload\bak\hpqcmon.exe
2002-10-07 07:23 . 2002-10-07 07:23 90112 c:\program files\HP\Digital Imaging\Unload\HpqCmon.exe

2002-04-17 15:42 . 2002-04-17 15:42 69632 c:\program files\HP\HP Share-to-Web\bak\hpgs2wnd.exe
2002-04-17 17:42 . 2002-04-17 17:42 69632 c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe

2005-10-12 23:13 . 2005-10-12 23:13 7086080 c:\program files\MSN Messenger\bak\msnmsgr.exe

2005-06-17 02:45 . 2005-06-17 02:45 98304 c:\program files\QuickTime\bak\qttask.exe
2009-01-05 23:18 . 2009-01-05 23:18 413696 c:\program files\QuickTime\QTTask.exe

2006-12-24 13:59 . 2006-11-11 15:44 4771840 c:\program files\Registry Cleaner Trial\bak\Regclean.exe

2006-11-27 02:48 . 2003-12-10 10:52 380928 c:\program files\SBC Self Support Tool\SmartBridge\bak\MotiveSB.exe

2005-10-22 20:15 . 2006-10-30 21:27 715888 c:\program files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe

2007-03-12 22:14 . 2005-05-19 21:59 176128 c:\program files\Walgreens\Walgreens PhotoShow\data\Xtras\bak\mssysmgr.exe

2006-11-27 02:42 . 2006-07-21 22:19 129536 c:\program files\Yahoo!\browser\bak\ybrwicon.exe

2007-01-12 15:02 . 2006-10-27 03:21 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2007-01-12 15:03 . 2006-07-21 16:43 407032 c:\program files\Yahoo!\YOP\bak\yop.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.


5th part

Post by ksbunnie1 on Sun May 31, 2009 10:08 pm

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"SUPERAntiSpyware"="l:\superantispyware\6d51c272-9042-4df6-a793-abac237b33e2.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"pmmysaaa"="c:\windows\system32\pmmysaaa.exe" [N/A]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [N/A]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-17 180269]
"BtcMouseMaestro"="c:\program files\HP Optical 4 Button USB Mouse\KMaestro.exe" [2007-02-05 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-31 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-05 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-6-16 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-31 01:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28512:TCP"= 28512:TCP:@xpsp2res.dll,-22009
"52843:TCP"= 52843:TCP:@xpsp2res.dll,-22009
"45416:TCP"= 45416:TCP:@xpsp2res.dll,-22009
"38754:TCP"= 38754:TCP:@xpsp2res.dll,-22009
"9569:TCP"= 9569:TCP:@xpsp2res.dll,-22009
"14185:TCP"= 14185:TCP:@xpsp2res.dll,-22009
"18786:TCP"= 18786:TCP:@xpsp2res.dll,-22009
"44644:TCP"= 44644:TCP:@xpsp2res.dll,-22009
"43876:TCP"= 43876:TCP:@xpsp2res.dll,-22009
"6498:TCP"= 6498:TCP:@xpsp2res.dll,-22009
"63072:TCP"= 63072:TCP:@xpsp2res.dll,-22009
"16621:TCP"= 16621:TCP:@xpsp2res.dll,-22009
"29027:TCP"= 29027:TCP:@xpsp2res.dll,-22009
"39778:TCP"= 39778:TCP:@xpsp2res.dll,-22009
"4706:TCP"= 4706:TCP:@xpsp2res.dll,-22009
"11873:TCP"= 11873:TCP:@xpsp2res.dll,-22009
"14438:TCP"= 14438:TCP:@xpsp2res.dll,-22009
"9316:TCP"= 9316:TCP:@xpsp2res.dll,-22009
"59492:TCP"= 59492:TCP:@xpsp2res.dll,-22009
"38752:TCP"= 38752:TCP:@xpsp2res.dll,-22009
"43106:TCP"= 43106:TCP:@xpsp2res.dll,-22009
"65065:TCP"= 65065:TCP:@xpsp2res.dll,-22009
"25384:TCP"= 25384:TCP:@xpsp2res.dll,-22009
"48426:TCP"= 48426:TCP:@xpsp2res.dll,-22009
"49706:TCP"= 49706:TCP:@xpsp2res.dll,-22009
"46121:TCP"= 46121:TCP:@xpsp2res.dll,-22009
"53290:TCP"= 53290:TCP:@xpsp2res.dll,-22009
"23593:TCP"= 23593:TCP:@xpsp2res.dll,-22009
"36392:TCP"= 36392:TCP:@xpsp2res.dll,-22009
"16022:TCP"= 16022:TCP:@xpsp2res.dll,-22009
"46999:TCP"= 46999:TCP:@xpsp2res.dll,-22009
"6806:TCP"= 6806:TCP:@xpsp2res.dll,-22009
"56470:TCP"= 56470:TCP:@xpsp2res.dll,-22009
"64407:TCP"= 64407:TCP:@xpsp2res.dll,-22009
"23594:TCP"= 23594:TCP:@xpsp2res.dll,-22009
"14742:TCP"= 14742:TCP:@xpsp2res.dll,-22009
"55080:TCP"= 55080:TCP:@xpsp2res.dll,-22009
"63639:TCP"= 63639:TCP:@xpsp2res.dll,-22009
"24872:TCP"= 24872:TCP:@xpsp2res.dll,-22009
"33175:TCP"= 33175:TCP:@xpsp2res.dll,-22009
"48168:TCP"= 48168:TCP:@xpsp2res.dll,-22009
"52963:TCP"= 52963:TCP:@xpsp2res.dll,-22009
"42466:TCP"= 42466:TCP:@xpsp2res.dll,-22009
"22824:TCP"= 22824:TCP:@xpsp2res.dll,-22009
"56616:TCP"= 56616:TCP:@xpsp2res.dll,-22009
"26774:TCP"= 26774:TCP:@xpsp2res.dll,-22009
"46742:TCP"= 46742:TCP:@xpsp2res.dll,-22009
"3223:TCP"= 3223:TCP:@xpsp2res.dll,-22009
"28386:TCP"= 28386:TCP:@xpsp2res.dll,-22009
"44694:TCP"= 44694:TCP:@xpsp2res.dll,-22009
"10793:TCP"= 10793:TCP:@xpsp2res.dll,-22009
"37859:TCP"= 37859:TCP:@xpsp2res.dll,-22009
"3990:TCP"= 3990:TCP:@xpsp2res.dll,-22009
"8162:TCP"= 8162:TCP:@xpsp2res.dll,-22009
"18219:TCP"= 18219:TCP:@xpsp2res.dll,-22009
"28459:TCP"= 28459:TCP:@xpsp2res.dll,-22009
"9258:TCP"= 9258:TCP:@xpsp2res.dll,-22009
"25640:TCP"= 25640:TCP:@xpsp2res.dll,-22009
"4651:TCP"= 4651:TCP:@xpsp2res.dll,-22009
"31715:TCP"= 31715:TCP:@xpsp2res.dll,-22009
"5015:TCP"= 5015:TCP:@xpsp2res.dll,-22009
"35043:TCP"= 35043:TCP:@xpsp2res.dll,-22009
"54570:TCP"= 54570:TCP:@xpsp2res.dll,-22009
"16168:TCP"= 16168:TCP:@xpsp2res.dll,-22009
"43235:TCP"= 43235:TCP:@xpsp2res.dll,-22009
"21289:TCP"= 21289:TCP:@xpsp2res.dll,-22009
"50839:TCP"= 50839:TCP:@xpsp2res.dll,-22009
"23010:TCP"= 23010:TCP:@xpsp2res.dll,-22009
"11234:TCP"= 11234:TCP:@xpsp2res.dll,-22009

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [4/9/2008 7:27 PM 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2009 6:56 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2009 6:56 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/30/2009 6:55 PM 298776]
S1 SASDIFSV;SASDIFSV;\??\l:\superantispyware\SASDIFSV.SYS --> l:\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\l:\superantispyware\SASKUTIL.sys --> l:\superantispyware\SASKUTIL.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/31/2009 12:15 PM 33176]
S3 SASENUM;SASENUM;\??\l:\superantispyware\SASENUM.SYS --> l:\superantispyware\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCIMFMMW
*Deregistered* - pcimfmmw

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 23:39]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\HP_Owner\APPLIC~1\Mozilla\Firefox\Profiles\cvhg1svi.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\RayV\RayV\RayVExtension@RayV.com\plugins\nprayvplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-31 14:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3471895038-160567377-4104556831-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3088)
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Completion time: 2009-05-31 14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 21:58

Pre-Run: 120,411,938,816 bytes free
Post-Run: 124,733,456,384 bytes free

694 --- E O F --- 2009-05-31 17:52


Re: Win32/cryptor virus, help me remove it please

Post by Belahzur on Sun May 31, 2009 10:13 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
c:\documents and settings\HP_Owner\Local Settings\Application Data\ivzlvwtv
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv

AWF::
c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\BroadJump\Client Foundation\bak\CFD.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
c:\program files\HP\Digital Imaging\Unload\bak\hpqcmon.exe
c:\program files\HP\HP Share-to-Web\bak\hpgs2wnd.exe
c:\program files\MSN Messenger\bak\msnmsgr.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Registry Cleaner Trial\bak\Regclean.exe
c:\program files\SBC Self Support Tool\SmartBridge\bak\MotiveSB.exe
c:\program files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe
c:\program files\Walgreens\Walgreens PhotoShow\data\Xtras\bak\mssysmgr.exe
c:\program files\Yahoo!\browser\bak\ybrwicon.exe
c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
c:\program files\Yahoo!\YOP\bak\yop.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
"AntiVirusOverride"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1
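As an added example (not code from this thread, from ComboFix or from Belahzur), here is a small Python checker that reads text in the format of the "Reg Loading Points" section posted above and flags the indicators that section shows: Security Center notification values set to 1 (the keys Belahzur's CFScript removes), Run entries whose file is missing ([N/A]), and an unusually long GloballyOpenPorts list. The sample excerpts are constructed from the log in this thread and the port threshold is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Security Center values that, when set to 1, silence or override the
# Windows XP "no antivirus / no updates" warnings.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify",
    "AntiVirusOverride", "FirewallOverride", "DisableMonitoring",
}
# Assumed threshold: a home PC rarely needs more than a handful of
# GloballyOpenPorts entries; the log in this thread lists about seventy.
PORT_THRESHOLD = 10

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
# ComboFix prints Run values as "name"="path" [date size], or [N/A] when
# the file it points at no longer exists.
_RUN_RE = re.compile(r'^"([^"]+)"="[^"]*"\s+\[([^\]]*)\]$')
_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\1:\2:(.*)$')


@dataclass
class Findings:
    security_center: list[str] = field(default_factory=list)      # "key\value"
    missing_run_entries: list[str] = field(default_factory=list)  # value names
    open_ports: list[int] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.security_center or self.missing_run_entries
                    or len(self.open_ports) > PORT_THRESHOLD)


def analyse(log: str) -> Findings:
    """Walk a ComboFix-style registry dump and collect the indicators above."""
    found = Findings()
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which [key] we are under
            continue
        lower = key.lower()
        if "security center" in lower:
            m = _DWORD_RE.match(line)
            if m and m.group(1) in SECURITY_CENTER_FLAGS and int(m.group(2), 16) == 1:
                found.security_center.append(f"{key}\\{m.group(1)}")
        elif lower.endswith(("\\run", "\\runonce")):
            m = _RUN_RE.match(line)
            if m and m.group(2) == "N/A":
                found.missing_run_entries.append(m.group(1))
        elif lower.endswith("globallyopenports\\list"):
            m = _PORT_RE.match(line)
            if m:
                found.open_ports.append(int(m.group(1)))
    return found


# Constructed excerpt modelled on the log posted above (a dozen of its
# port entries are enough to show the pattern).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"pmmysaaa"="c:\windows\system32\pmmysaaa.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28512:TCP"= 28512:TCP:@xpsp2res.dll,-22009
"52843:TCP"= 52843:TCP:@xpsp2res.dll,-22009
"45416:TCP"= 45416:TCP:@xpsp2res.dll,-22009
"38754:TCP"= 38754:TCP:@xpsp2res.dll,-22009
"9569:TCP"= 9569:TCP:@xpsp2res.dll,-22009
"14185:TCP"= 14185:TCP:@xpsp2res.dll,-22009
"18786:TCP"= 18786:TCP:@xpsp2res.dll,-22009
"44644:TCP"= 44644:TCP:@xpsp2res.dll,-22009
"43876:TCP"= 43876:TCP:@xpsp2res.dll,-22009
"6498:TCP"= 6498:TCP:@xpsp2res.dll,-22009
"63072:TCP"= 63072:TCP:@xpsp2res.dll,-22009
"16621:TCP"= 16621:TCP:@xpsp2res.dll,-22009
"""

# Constructed clean dump for comparison: one legitimate Run entry, nothing else.
CLEAN_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"""

if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print("suspicious:", report.suspicious)
    for item in report.security_center:
        print("Security Center warning silenced:", item)
    for name in report.missing_run_entries:
        print("Run entry whose file is missing:", name)
    print(f"{len(report.open_ports)} firewall ports opened globally")
```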

ok I did that 1st part

Post by ksbunnie1 on Sun May 31, 2009 10:58 pm

ComboFix 09-05-31.02 - HP_Owner 05/31/2009 15:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.524 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\profiles.ini
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\cert8.db
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\compatibility.ini
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\compreg.dat
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\cookies.sqlite
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\formhistory.sqlite
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\key3.db
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\localstore.rdf
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\permissions.sqlite
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\places.sqlite
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\pluginreg.dat
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\prefs.js
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\secmod.db
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\webappsstore.sqlite
c:\docume~1\HP_Owner\APPLIC~1\ivzlvwtv\Profiles\o0i4na1v.default\xpti.dat
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\profiles.ini
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\cert8.db
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\compatibility.ini
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\compreg.dat
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\cookies.sqlite
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\formhistory.sqlite
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\key3.db
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\localstore.rdf
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\permissions.sqlite
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\places.sqlite
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\pluginreg.dat
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\prefs.js
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\secmod.db
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\webappsstore.sqlite
c:\documents and settings\HP_Owner\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\xpti.dat
c:\documents and settings\HP_Owner\Local Settings\Application Data\ivzlvwtv
c:\documents and settings\HP_Owner\Local Settings\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\urlclassifier3.sqlite
c:\documents and settings\HP_Owner\Local Settings\Application Data\ivzlvwtv\Profiles\o0i4na1v.default\XPC.mfl

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 19:15 . 2009-05-31 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-31 19:15 . 2009-05-31 19:15 -------- d-----w- c:\program files\NOS
2009-05-31 18:53 . 2009-05-31 18:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-31 18:39 . 2009-05-31 18:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 17:44 . 2009-05-31 17:44 -------- d-----w- c:\windows\system32\scripting
2009-05-31 17:44 . 2009-05-31 17:44 -------- d-----w- c:\windows\l2schemas
2009-05-31 17:44 . 2009-05-31 17:44 -------- d-----w- c:\windows\system32\bits
2009-05-31 17:41 . 2009-05-31 17:41 -------- d-----w- c:\windows\ServicePackFiles
2009-05-31 17:33 . 2009-05-31 17:33 -------- d-----w- c:\windows\EHome
2009-05-31 02:01 . 2009-05-31 19:00 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-31 01:56 . 2009-05-31 01:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-31 01:56 . 2009-05-31 01:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-31 01:56 . 2009-05-31 01:56 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-31 01:56 . 2009-05-31 01:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-31 01:56 . 2009-05-31 02:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-31 01:55 . 2009-05-31 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-31 01:55 . 2009-05-31 01:55 -------- d-----w- c:\program files\AVG
2009-05-30 03:04 . 2009-05-30 03:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-05-30 03:04 . 2009-05-30 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-30 03:04 . 2009-05-30 03:04 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\SUPERAntiSpyware.com
2009-05-30 03:02 . 2009-05-30 03:02 0 ----a-w- c:\windows\nsreg.dat
2009-05-30 03:02 . 2009-05-30 03:02 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2009-05-29 18:24 . 2001-08-17 19:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-05-29 18:24 . 2001-08-18 05:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2009-05-29 18:24 . 2004-08-04 05:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2009-05-29 18:24 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2009-05-29 18:22 . 2001-08-17 20:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2009-05-29 18:21 . 2001-08-17 19:12 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2009-05-29 18:20 . 2001-08-18 05:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2009-05-29 18:20 . 2004-08-04 05:41 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-05-29 18:20 . 2001-08-17 19:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-05-29 18:20 . 2001-08-17 20:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-05-29 18:20 . 2001-08-17 20:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-05-29 18:20 . 2001-08-17 19:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-05-29 18:20 . 2001-08-17 19:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-05-29 18:20 . 2001-08-17 19:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-05-29 18:20 . 2004-08-04 05:31 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-05-29 18:20 . 2001-08-17 19:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2009-05-29 18:20 . 2001-08-17 19:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-05-29 18:20 . 2001-08-18 05:36 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2009-05-29 18:20 . 2001-08-17 20:49 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2009-05-29 18:18 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-05-29 18:18 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-05-29 18:18 . 2001-08-17 21:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2009-05-29 18:18 . 2001-08-17 20:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2009-05-29 18:18 . 2001-08-17 20:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-05-29 18:18 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-05-29 18:18 . 2001-08-17 20:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2009-05-29 18:18 . 2001-08-17 19:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2009-05-29 18:18 . 2001-08-17 21:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2009-05-29 18:18 . 2001-08-18 05:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2009-05-29 18:16 . 2001-08-17 19:12 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2009-05-29 18:16 . 2001-08-17 19:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2009-05-29 18:16 . 2001-08-18 05:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2009-05-29 18:16 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-05-29 18:16 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-05-29 18:16 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-05-29 18:16 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-05-29 18:16 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-05-29 18:16 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-05-29 18:16 . 2001-08-17 20:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2009-05-29 18:16 . 2001-08-17 20:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2009-05-29 18:16 . 2001-08-17 20:49 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2009-05-29 18:14 . 2001-08-17 19:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2009-05-29 18:13 . 2001-08-17 21:07 25952 ----a-w- c:\windows\system32\dllcache\hpn.sys
2009-05-29 18:12 . 2001-08-17 21:56 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2009-05-29 18:11 . 2001-08-18 05:36 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll
2009-05-29 18:10 . 2001-08-17 19:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2009-05-29 18:09 . 2001-08-18 05:36 256512 ----a-w- c:\windows\system32\dllcache\devcon32.dll
2009-05-29 18:08 . 2001-08-17 21:56 111232 ----a-w- c:\windows\system32\dllcache\cl5465.dll
2009-05-29 18:07 . 2001-08-18 05:36 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2009-05-29 18:06 . 2001-08-17 21:07 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-05-29 17:53 . 2004-08-04 05:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-05-29 17:51 . 2004-08-04 05:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2009-05-29 17:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-05-29 17:23 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-05-29 17:23 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-29 17:23 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-05-29 17:22 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-05-29 17:19 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-05-29 17:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-29 17:18 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-29 17:11 . 2009-05-29 17:11 -------- d-sh--w- c:\documents and settings\HP_Owner\IECompatCache
2009-05-14 16:50 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-14 16:48 . 2009-05-14 16:50 -------- d-----w- c:\program files\Zune
2009-05-14 16:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-05-14 16:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-05-14 16:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-05-14 16:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-05-14 16:46 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys


2nd

Post by ksbunnie1 on Sun May 31, 2009 10:59 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 22:39 . 2006-12-24 13:59 -------- d-----w- c:\program files\Registry Cleaner Trial
2009-05-31 22:39 . 2005-06-17 02:45 -------- d-----w- c:\program files\QuickTime
2009-05-31 22:39 . 2005-12-01 19:43 -------- d-----w- c:\program files\MSN Messenger
2009-05-31 19:13 . 2009-04-30 18:07 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2009-05-31 19:13 . 2009-04-30 18:07 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\U3
2009-05-31 18:52 . 2006-01-11 00:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 18:39 . 2005-06-17 02:16 -------- d-----w- c:\program files\Java
2009-05-31 17:47 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-31 17:47 . 2009-05-31 17:47 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-05-31 17:47 . 2009-05-31 17:47 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-05-31 16:59 . 2005-06-17 02:57 -------- d-----w- c:\program files\Google
2009-05-29 17:29 . 2009-04-01 03:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 17:26 . 2006-09-14 15:02 -------- d-----w- c:\program files\Yahoo!
2009-05-29 17:26 . 2005-06-17 02:37 -------- d-----w- c:\program files\WildTangent
2009-05-29 17:25 . 2008-12-27 16:37 -------- d-----w- c:\program files\Unity
2009-05-29 17:25 . 2005-10-22 20:15 -------- d-----w- c:\program files\The Weather Channel FW
2009-05-29 17:24 . 2005-06-17 03:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-14 17:23 . 2009-05-14 17:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-14 17:23 . 2009-05-14 17:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-14 17:22 . 2009-05-14 17:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-14 16:50 . 2009-05-14 16:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-14 16:50 . 2009-05-14 16:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-02 00:20 . 2007-07-07 21:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-05-02 00:20 . 2007-07-07 21:51 -------- d-----w- c:\docume~1\HP_Owner\APPLIC~1\LimeWire
2009-04-07 19:17 . 2006-11-27 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-03-08 11:34 . 2004-08-04 11:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2005-10-22 20:18 . 2005-10-22 20:18 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-18 13:05 . 2007-08-18 13:05 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 22:43 . 2009-05-31 22:43 16384 c:\windows\temp\Perflib_Perfdata_428.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-17 180269]
"BtcMouseMaestro"="c:\program files\HP Optical 4 Button USB Mouse\KMaestro.exe" [2007-02-05 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-31 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-05 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-6-16 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-31 01:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\system32\\sessmgr.exe"=


3rd

Post by ksbunnie1 on Sun May 31, 2009 11:00 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28512:TCP"= 28512:TCP:@xpsp2res.dll,-22009
"52843:TCP"= 52843:TCP:@xpsp2res.dll,-22009
"45416:TCP"= 45416:TCP:@xpsp2res.dll,-22009
"38754:TCP"= 38754:TCP:@xpsp2res.dll,-22009
"9569:TCP"= 9569:TCP:@xpsp2res.dll,-22009
"14185:TCP"= 14185:TCP:@xpsp2res.dll,-22009
"18786:TCP"= 18786:TCP:@xpsp2res.dll,-22009
"44644:TCP"= 44644:TCP:@xpsp2res.dll,-22009
"43876:TCP"= 43876:TCP:@xpsp2res.dll,-22009
"6498:TCP"= 6498:TCP:@xpsp2res.dll,-22009
"63072:TCP"= 63072:TCP:@xpsp2res.dll,-22009
"16621:TCP"= 16621:TCP:@xpsp2res.dll,-22009
"29027:TCP"= 29027:TCP:@xpsp2res.dll,-22009
"39778:TCP"= 39778:TCP:@xpsp2res.dll,-22009
"4706:TCP"= 4706:TCP:@xpsp2res.dll,-22009
"11873:TCP"= 11873:TCP:@xpsp2res.dll,-22009
"14438:TCP"= 14438:TCP:@xpsp2res.dll,-22009
"9316:TCP"= 9316:TCP:@xpsp2res.dll,-22009
"59492:TCP"= 59492:TCP:@xpsp2res.dll,-22009
"38752:TCP"= 38752:TCP:@xpsp2res.dll,-22009
"43106:TCP"= 43106:TCP:@xpsp2res.dll,-22009
"65065:TCP"= 65065:TCP:@xpsp2res.dll,-22009
"25384:TCP"= 25384:TCP:@xpsp2res.dll,-22009
"48426:TCP"= 48426:TCP:@xpsp2res.dll,-22009
"49706:TCP"= 49706:TCP:@xpsp2res.dll,-22009
"46121:TCP"= 46121:TCP:@xpsp2res.dll,-22009
"53290:TCP"= 53290:TCP:@xpsp2res.dll,-22009
"23593:TCP"= 23593:TCP:@xpsp2res.dll,-22009
"36392:TCP"= 36392:TCP:@xpsp2res.dll,-22009
"16022:TCP"= 16022:TCP:@xpsp2res.dll,-22009
"46999:TCP"= 46999:TCP:@xpsp2res.dll,-22009
"6806:TCP"= 6806:TCP:@xpsp2res.dll,-22009
"56470:TCP"= 56470:TCP:@xpsp2res.dll,-22009
"64407:TCP"= 64407:TCP:@xpsp2res.dll,-22009
"23594:TCP"= 23594:TCP:@xpsp2res.dll,-22009
"14742:TCP"= 14742:TCP:@xpsp2res.dll,-22009
"55080:TCP"= 55080:TCP:@xpsp2res.dll,-22009
"63639:TCP"= 63639:TCP:@xpsp2res.dll,-22009
"24872:TCP"= 24872:TCP:@xpsp2res.dll,-22009
"33175:TCP"= 33175:TCP:@xpsp2res.dll,-22009
"48168:TCP"= 48168:TCP:@xpsp2res.dll,-22009
"52963:TCP"= 52963:TCP:@xpsp2res.dll,-22009
"42466:TCP"= 42466:TCP:@xpsp2res.dll,-22009
"22824:TCP"= 22824:TCP:@xpsp2res.dll,-22009
"56616:TCP"= 56616:TCP:@xpsp2res.dll,-22009
"26774:TCP"= 26774:TCP:@xpsp2res.dll,-22009
"46742:TCP"= 46742:TCP:@xpsp2res.dll,-22009
"3223:TCP"= 3223:TCP:@xpsp2res.dll,-22009
"28386:TCP"= 28386:TCP:@xpsp2res.dll,-22009
"44694:TCP"= 44694:TCP:@xpsp2res.dll,-22009
"10793:TCP"= 10793:TCP:@xpsp2res.dll,-22009
"37859:TCP"= 37859:TCP:@xpsp2res.dll,-22009
"3990:TCP"= 3990:TCP:@xpsp2res.dll,-22009
"8162:TCP"= 8162:TCP:@xpsp2res.dll,-22009
"18219:TCP"= 18219:TCP:@xpsp2res.dll,-22009
"28459:TCP"= 28459:TCP:@xpsp2res.dll,-22009
"9258:TCP"= 9258:TCP:@xpsp2res.dll,-22009
"25640:TCP"= 25640:TCP:@xpsp2res.dll,-22009
"4651:TCP"= 4651:TCP:@xpsp2res.dll,-22009
"31715:TCP"= 31715:TCP:@xpsp2res.dll,-22009
"5015:TCP"= 5015:TCP:@xpsp2res.dll,-22009
"35043:TCP"= 35043:TCP:@xpsp2res.dll,-22009
"54570:TCP"= 54570:TCP:@xpsp2res.dll,-22009
"16168:TCP"= 16168:TCP:@xpsp2res.dll,-22009
"43235:TCP"= 43235:TCP:@xpsp2res.dll,-22009
"21289:TCP"= 21289:TCP:@xpsp2res.dll,-22009
"50839:TCP"= 50839:TCP:@xpsp2res.dll,-22009
"23010:TCP"= 23010:TCP:@xpsp2res.dll,-22009
"11234:TCP"= 11234:TCP:@xpsp2res.dll,-22009

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [4/9/2008 7:27 PM 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2009 6:56 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2009 6:56 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/30/2009 6:55 PM 298776]
S1 SASDIFSV;SASDIFSV;\??\l:\superantispyware\SASDIFSV.SYS --> l:\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\l:\superantispyware\SASKUTIL.sys --> l:\superantispyware\SASKUTIL.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/31/2009 12:15 PM 33176]
S3 SASENUM;SASENUM;\??\l:\superantispyware\SASENUM.SYS --> l:\superantispyware\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 23:39]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - l:\superantispyware\6d51c272-9042-4df6-a793-abac237b33e2.exe
HKLM-Run-pmmysaaa - c:\windows\system32\pmmysaaa.exe
HKLM-Run-CamMonitor - c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\HP_Owner\APPLIC~1\Mozilla\Firefox\Profiles\cvhg1svi.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\RayV\RayV\RayVExtension@RayV.com\plugins\nprayvplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-31 15:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3471895038-160567377-4104556831-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2664)
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Completion time: 2009-05-31 15:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 22:50
ComboFix2.txt 2009-05-31 21:58

Pre-Run: 124,787,580,928 bytes free
Post-Run: 124,771,622,912 bytes free

405 --- E O F --- 2009-05-31 17:52

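Two things in this thread are worth being able to check mechanically. The Registry:: block of the CFScript Belahzur posted deletes (the `"Name"=-` syntax in a REGEDIT4-style script means "delete this value") the Security Center values that silence its warnings when antivirus or automatic updates are off, and the ComboFix log above shows the same key's Monitoring subkeys with DisableMonitoring set to 1 plus a GloballyOpenPorts list of dozens of high TCP ports described only by a resource-string reference rather than a product name. The Python script below is an added example, not part of the thread and not ComboFix's or Malwarebytes' code: it parses a REGEDIT4-style dump such as ComboFix's "Reg Loading Points" section and reports those findings. The sample dump is constructed from lines quoted in the log, with the Security Center values set to 1 (the log only shows them being deleted) and a made-up "Remote Desktop" entry added for contrast. A DisableMonitoring value under a vendor-named subkey is something a security product can legitimately write for itself, so treat those hits as a prompt to verify, not as proof of tampering.

```python
"""Triage helper for REGEDIT4-style registry dumps (e.g. the "Reg Loading
Points" section of a ComboFix log). Added example; not ComboFix's own code."""
import re
from collections import OrderedDict

# Constructed sample built from keys/values quoted in the thread's log.
# The three notify/override values are set to 1 here for illustration; the
# "3389:TCP" Remote Desktop entry is made up to contrast with the unnamed ports.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28512:TCP"= 28512:TCP:@xpsp2res.dll,-22009
"52843:TCP"= 52843:TCP:@xpsp2res.dll,-22009
"45416:TCP"= 45416:TCP:@xpsp2res.dll,-22009
"3389:TCP"= 3389:TCP:Remote Desktop
"""

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
# Values under the Security Center key that suppress its alerts when set to 1.
NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify",
                 "updatesdisablenotify", "antivirusoverride", "firewalloverride"}
OPEN_PORTS_SUFFIX = r"\firewallpolicy\standardprofile\globallyopenports\list"

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')


def parse_regedit4(text):
    """Parse a REGEDIT4-style dump into {key: {value_name: data}}.

    Keys are kept as written (ComboFix abbreviates some as HKLM\~\...), so
    callers compare case-insensitively on prefixes/suffixes.
    """
    keys = OrderedDict()
    current = None
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, OrderedDict())
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def _is_dword_one(data):
    return data.lower() == "dword:00000001"


def find_notify_suppression(keys):
    """Names of Security Center alert values that are set to 1."""
    hits = []
    for key, values in keys.items():
        if key.lower() != SECURITY_CENTER.lower():
            continue
        for name, data in values.items():
            if name.lower() in NOTIFY_VALUES and _is_dword_one(data):
                hits.append(name)
    return hits


def find_disabled_monitoring(keys):
    """Keys at or below security center\\Monitoring with DisableMonitoring=1."""
    prefix = SECURITY_CENTER.lower() + r"\monitoring"
    hits = []
    for key, values in keys.items():
        if not key.lower().startswith(prefix):
            continue
        for name, data in values.items():
            if name.lower() == "disablemonitoring" and _is_dword_one(data):
                hits.append(key)
    return hits


def find_open_port_anomalies(keys):
    """Return (total, unnamed): every GloballyOpenPorts entry counted, and the
    ports whose description is a resource-string reference (@dll,-id) rather
    than a plain product name."""
    total, unnamed = 0, []
    for key, values in keys.items():
        if not key.lower().endswith(OPEN_PORTS_SUFFIX):
            continue
        for data in values.values():
            total += 1
            parts = data.split(":", 2)          # port:proto:description
            port = int(parts[0]) if parts[0].isdigit() else None
            description = parts[2] if len(parts) == 3 else ""
            if port is not None and description.startswith("@"):
                unnamed.append(port)
    return total, unnamed


def triage(text, port_threshold=10):
    """Summarise the three checks; port_threshold is a heuristic cut-off for
    how many unnamed globally open ports deserve a closer look."""
    keys = parse_regedit4(text)
    total, unnamed = find_open_port_anomalies(keys)
    return {
        "notify_suppressed": find_notify_suppression(keys),
        "monitoring_disabled": find_disabled_monitoring(keys),
        "open_ports_total": total,
        "open_ports_unnamed": unnamed,
        "many_unnamed_ports": len(unnamed) >= port_threshold,
    }


if __name__ == "__main__":
    for item, value in triage(SAMPLE_DUMP).items():
        print(f"{item}: {value}")
```

Feed it a whole ComboFix log and it will pick out just the bracketed registry sections; everything else (file listings, service lines) is ignored because it matches neither regex. The port threshold is deliberately a parameter: a handful of globally opened ports is normal for a media or P2P application, while a list the length of the one in the log above is what an analyst would want flagged.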

Re: Win32/cryptor virus, help me remove it please

Post by Belahzur on Sun May 31, 2009 11:18 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Runs way way better; I have some questions

Post by ksbunnie1 on Mon Jun 01, 2009 12:14 am

How do I get LimeWire cleared out?
AVG found "Trojan horse Downloader.Generic8.VGD" as soon as I came back on the web???
When I put my camera little square thing in it says "No HP Instant Sare Products found. Please connect your HP Products to your computer.", why is that?
Wow does it ever run better!! Well it even goes on the web now and where I want it to go even.
Thank you so much. It was so bad for weeks I just am uneasy if it is ok and still want your help.


Re: Win32/cryptor virus, help me remove it please

Post by Belahzur on Mon Jun 01, 2009 12:27 am

Hello.

I don't see any signs of Limewire on your system from any of your logs, what do you mean by emptying it out?

Where did AVG find this problem?

Not sure on the HP problem, I do see HP software on the machine though.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



well

Post by ksbunnie1 on Mon Jun 01, 2009 1:06 am

I did a search for Limewire and found about 6 things.
A folder LimeWire in C:\DocumentsandSettings\HP_Owner|ApplicationData
limewire.props C:\DoucumentsandSettingsHP_Owner\ApplicationData\LimeWire
limewire.keystore C:\DoucumentsandSettingsHP_Owner\ApplicationData\LimeWire\certificate
folder limewire_theme C:\DoucumentsandSettingsHP_Owner\ApplicationData\LimeWire\themes
limewire_theme.lwtp C:\DoucumentsandSettingsHP_Owner\ApplicationData\LimeWire\themes
limewire C:\DoucumentsandSettingsHP_Owner\ApplicationData\LimeWire\browser\xulrunner\chrome
limewire C:\DoucumentsandSettingsHP_Owner\ApplicationData\LimeWire\browser\xulrunner\chrome
folder download.lok\\imewire.com C:\DoucumentsandSettingsHP_Owner\ApplicationData\Macromedia\FlashPlayer\#SharedObjects\MJVZ54PP
folder C:\DoucumentsandSettingsHP_Owner\ApplicationData\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys
Do I just delete them?

I will research the Hp photo thing further.

AVG found it in C:\DoucumentsandSettingsHP_Owner\MyDocuments\InstallAVg_77011802.exe


Re: Win32/cryptor virus, help me remove it please

Post by Origin on Mon Jun 01, 2009 2:31 am

Can you run a Malwarebytes scan and post the contents of the log back, please?


Malwarebytes log, first half

Post by ksbunnie1 on Mon Jun 01, 2009 10:00 am

Malwarebytes' Anti-Malware 1.37
Database version: 2204
Windows 5.1.2600 Service Pack 3

6/1/2009 2:52:19 AM
mbam-log-2009-06-01 (02-52-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204570
Time elapsed: 2 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 110
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 54

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.


Malwarebytes log, 2nd half

Post by ksbunnie1 on Mon Jun 01, 2009 10:00 am

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\HP_Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Log (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Settings (Rogue.AdwareAlert) -> No action taken.
C:\Program Files\bfgtoolbar (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\NewCfg (Adware.OneToolBar) -> No action taken.

Files Infected:
c:\documents and settings\HP_Owner\my documents\may 09 puter repair\backups\backup-20090531-143548-275.dll (Adware.MyWeb) -> No action taken.
c:\documents and settings\HP_Owner\my documents\may 09 puter repair\backups\backup-20090531-143548-878.dll (Adware.MyWeb) -> No action taken.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0004545.dll (Adware.MyWeb) -> No action taken.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0004547.dll (Adware.MyWeb) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\rs.dat (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_01_17 PM_890.log (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_01_20 PM_500.log (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_07_17 PM_562.log (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_07_34 PM_093.log (Rogue.AdwareAlert) -> No action taken.
c:\documents and settings\HP_Owner\application data\adwarealert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.
c:\program files\bfgtoolbar\install.ico (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\toolbar.ini (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\uninstall.exe (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\1.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\10.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\2.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\20off.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\3.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\4.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\5.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\6.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\7.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\8.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\9.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\a.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\action.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\atlantis.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\bfgtoolbartb0401.cfg (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\card.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\COMBOSEARCH.acs (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\ErrorLog.txt (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\fgh.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\ivillage.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\le.txt (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\logo.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\mahjong.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\mygames.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\new.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\newgames.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\newgames3.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\nick.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\nickjr.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\puzzle.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\search.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\thelagoon.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\thereef.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\topten.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\topten2.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\topten3.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\topten4.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\topten5.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\webgames.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\word.bmp (Adware.OneToolBar) -> No action taken.
c:\program files\bfgtoolbar\Cache\y.bmp (Adware.OneToolBar) -> No action taken.


Oops, here is Malwarebytes after removal

Post by ksbunnie1 on Mon Jun 01, 2009 2:17 pm

Malwarebytes' Anti-Malware 1.37
Database version: 2204
Windows 5.1.2600 Service Pack 3

6/1/2009 7:13:24 AM
mbam-log-2009-06-01 (07-13-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204570
Time elapsed: 2 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 110
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 54

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.


more

Post by ksbunnie1 on Mon Jun 01, 2009 2:17 pm

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\HP_Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\HP_Owner\my documents\may 09 puter repair\backups\backup-20090531-143548-275.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\my documents\may 09 puter repair\backups\backup-20090531-143548-878.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0004545.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0004547.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_01_17 PM_890.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_01_20 PM_500.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_07_17 PM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Log\2007 Nov 12 - 08_07_34 PM_093.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\adwarealert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\install.ico (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\toolbar.ini (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\uninstall.exe (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\a.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\bfgtoolbartb0401.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\fgh.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\ivillage.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\le.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\newgames3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\nick.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\nickjr.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\thelagoon.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\topten2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\topten3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\topten4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\topten5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\program files\bfgtoolbar\Cache\y.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

ksbunnie1
Novice
Posts : 16
Joined : 2009-05-31
OS : xp
Points : 27468
Likes : 0

Re: Win32/cryptor virus, help me remove it please

Post by Belahzur on Mon Jun 01, 2009 2:22 pm

Hello.
We'll use this to remove them automatically. I have left the flash folders out of this script because they are just like temp files stored within the cache, we'll flush that soon.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    C:\Doucuments and Settings\HP_Owner\My Documents\InstallAVg_77011802.exe
    C:\Doucuments and Settings\HP_Owner\Application Data\LimeWire


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
Likes : 1

OTMoveIT3 results

Post by ksbunnie1 on Mon Jun 01, 2009 8:28 pm

========== FILES ==========
File/Folder C:\Doucuments and Settings\HP_Owner\My Documents\InstallAVg_77011802.exe not found.
File/Folder C:\Doucuments and Settings\HP_Owner\Application Data\LimeWire not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06012009_132730

ksbunnie1
Novice
Posts : 16
Joined : 2009-05-31
OS : xp
Points : 27468
Likes : 0

Re: Win32/cryptor virus, help me remove it please

Post by Belahzur on Mon Jun 01, 2009 9:30 pm

Hello.
Sorry, that OTMoveIt script was meant for someone else, my mistake.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
Likes : 1

wow this is running great

Post by ksbunnie on Tue Jun 02, 2009 3:10 pm

Thank You! Thank You!
Ok, Ok, that is enough adulation. Thank you is not enough words to tell you how grateful I am for your help and getting my computer back.

Many many blessings on you and yours
kansas bunnie

ksbunnie
Beginner
Posts : 1
Joined : 2009-05-31
OS : xp
Points : 27451
Likes : 0
